General

  • Target

    6e6fcf64da43ff266942cfb804090b4b

  • Size

    968KB

  • Sample

    240122-ckapxaefd2

  • MD5

    6e6fcf64da43ff266942cfb804090b4b

  • SHA1

    5662bc2d7a9febf2f1818c16f11c71e308fec03a

  • SHA256

    e2ff70ff006f80333489b13ead60541314566aa9153361b1a290c6729ea6124f

  • SHA512

    8891ae4c312063802d1e96a85485859a355f0b06ae15e068bfbf88588fbd1604a71559e1e85c158d06d3d0fd2cb5643c093bb8dce33c12743eb41696d162b493

  • SSDEEP

    24576:v7vaIuur0kJLC6tEfwnU8AtfeiDgLxKMO8Zw9Q0bJF:vLaI1C6tznU8AnGxKMbb

Targets

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
